Method and system for limiting the possibility of transforming data designed to constitute, in particular pre-payment tokens

ABSTRACT

The subject of the invention concerns a process and a system to limit the possibility to transform data, the transformation of T_(X)-type data into T_(Y)-type data being carried out using an A-type transformation function, while the transformation of T_(Y)-type data into T_(X)-type data is carried out using a B-type transformation function, inverse of the A-type transformation function, the data being in particular designed to constitute for instance pre-payment tokens.

According to the invention, the system includes at least one A-type data processing system (STD_(A)), at least one B-type data processing system (STD_(B)), at least one link, at least once, between the system (STD_(A)) and the system (STD_(B)), at least one A-type processing and memorizing unit (UTM_(A)) including at least the A-type transformation function, at least one B-type processing and memorizing unit (UTM_(B)) including the B-type transformation function and not including the A-type transformation function.

The subject of the invention concerns the domain of technical means adapted to limit, through at least one processing and memorizing unit, the possibility to transform T_(X)-type data into T_(Y)-type data and the possibility to transform T_(Y)-type data into T_(X)-type data, the transformation of the T_(X)-type data into T_(Y)-type data being carried out using an A-type transformation function, while the transformation of the T_(Y)-type data into T_(X)-type data is carried out using a B-type transformation function, inverse of the A-type transformation function.

The subject of the invention finds a particularly advantageous but non-exclusive application in the domain of generation and use of data designed to constitute pre-payment tokens, such as prepayment cards for instance.

In the state of the art, for certain applications, the need appears to attribute different data transformation capabilities to at least three categories of persons or users. The first user category is able to transform T_(X)-type data into T_(Y)-type data using an A-type transformation function. The second user category is able to transform T_(Y)-type data into T_(X)-type data using the B-type transformation function inverse of the A-type transformation function, but is not able to transform T_(X)-type data into T_(Y)-type data using the A-type transformation function. The third user category is able neither to transform T_(X)-type data into T_(Y)-type data using the A-type transformation function, nor to transform T_(Y)-type data into T_(X)-type data using the B-type transformation function, inverse of the A-type transformation function.

For instance, such a need to distinguish three user categories exists for data designed to constitute pre-payment tokens. Thus, a first user category is able to generate tamperproof pre-payment token identifiers from known initial identifiers, each corresponding to a client possessing a resource consumption credit. A second user category is able to restore, from a pre-payment token identifier, the known initial identifier, and therefore the client, in order to charge the resource consumption to that client. The third user category is able neither to generate pre-payment token identifiers, nor to determine the client corresponding to a token identifier.

For the implementation of such a process, the technique known in the prior art uses a public key/private key encryption system applied twice. The first user category has a public key #1 and a private key #2. The second user category has a public key #2 and a private key #1.

The first user category is able to transform T_(X)-type data D_(X) into T_(Y)-type data D_(Y). To that end, the data D_(X) is encrypted using the public key #1 to obtain intermediate data which is decrypted using the private key #2 to form data D_(Y).

The second user category is able to transform the T_(Y)-type data D_(Y) into T_(X)-type data D_(X). The data D_(Y) is encrypted using the public key #2 to obtain intermediate data which is decrypted using the private key #1 to constitute the data D_(X). However, the second user category is not able to transform the data D_(X) into data D_(Y), because it does not have the private key #2.

The third user category is able to transform neither the data D_(X) into data D_(Y), nor the data D_(Y) into data D_(X).

The implementation of that technique of limitation of the possibility to transform data requires the setting up of a public keys certification infrastructure. Such infrastructure is relatively complex and costly.

The subject of the invention aims at remedying the drawbacks of the prior art by proposing a technique enabling the possibilities of data use to be limited for three user categories, using simple and inexpensive means.

So as to reach such a goal, the subject of the invention concerns a process to limit, through at least one processing and memorizing unit, the possibility to transform T_(X)-type data into T_(Y)-type data and the possibility to transform T_(Y)-type data into T_(X)-type data, the transformation of the T_(X)-type data into T_(Y)-type data being carried out using an A-type transformation function, while the transformation of the T_(Y)-type data into T_(X)-type data is carried out using a B-type transformation function, inverse of the A-type transformation function, the data being in particular designed to constitute for instance, pre-payment tokens, and being implemented on at least one data processing system.

According to the invention, the process comprises:

-   using an A-type data processing system and a B-type data processing system,
-   setting up at least once, at least one link between the A-type data processing system and the B-type data processing system, so as to provide the transfer of at least T_(Y)-type data from the A-type data processing system to the B-type data processing system and/or to provide the transfer of at least T_(X)-type data from the B-type data processing system to the A-type data processing system,
-   during an A-type customization phase, creating at least one A-type processing and memorizing unit including at least the A-type transformation function,
-   during an A-type transformation phase:
    -   for a user possessing at least one A-type processing and memorizing unit, enabling:
        -   to transfer at least one piece of T_(X)-type data from the A-type data processing system to the A-type processing and memorizing unit,
        -   to transform in the A-type processing and memorizing unit, each piece of T_(X)-type data into a piece of T_(Y)-type data, using the A-type transformation function,
        -   to transfer each piece of T_(Y)-type data from the A-type processing and memorizing unit to the A-type data processing system,
    -   for a user not possessing any A-type processing and memorizing unit, not being able to transform a piece of T_(X)-type data into a piece of T_(Y)-type data, using the A-type transformation function,
-   during a B-type customization phase, creating at least one B-type processing and memorizing unit including the B-type transformation function and not including the A-type transformation function,
-   and during a B-type transformation phase:
    -   for a user possessing a B-type processing and memorizing unit, and not possessing an A-type processing and memorizing unit,
        -   enabling:
            -   to transfer at least one piece of T_(Y)-type data from the B-type data processing system, to the B-type processing and memorizing unit,
            -   to transform in the B-type processing and memorizing unit each piece of T_(Y)-type data into a piece of T_(X)-type data, using the B-type transformation function,
            -   to transfer each piece of T_(X)-type data from the B-type processing and memorizing unit to the B-type data processing system,
        -   not being able to transform a piece of T_(X)-type data into a piece of T_(Y)-type data using the A-type transformation function.

Various other characteristics emerge from the description made below in reference to the appended diagrams which show, as non-limiting examples, embodiments and implementations of the subject of the invention.

FIG. 1 is a functional block diagram illustrating the technical means enabling the implementation of the invention.

FIG. 2 is a diagram illustrating the transformations of data implemented by the subject of the invention.

FIG. 3 is a diagram showing the spot where the transformation functions are executed.

FIG. 4 is a diagram illustrating the user categories discriminated between by the subject of the invention.

FIG. 5 is a diagram illustrating the carrying out of the transformation functions using the known technique of secret keys encryption.

FIGS. 6 and 7 are diagrams illustrating two embodiments of the transformation functions using the known technique of public keys—private keys encryption.

FIG. 8 is a diagram illustrating the implementation of an additional transformation function in addition to the known encryption functions.

FIG. 9 is a diagram illustrating an implementation example of apparatuses of customization of processing and memorizing units.

FIG. 10 is a diagram illustrating the principle of information generation.

FIG. 11 is a diagram illustrating the generation and transfer of information towards the processing and memorizing units, during a customization phase.

FIGS. 12 and 13 are respectively principle and application diagrams, illustrating an application example of the subject of the invention enabling the generation and use of pre-payment tokens.

FIG. 1 illustrates an embodiment of a system 1 to limit the possibility of data transformation. The system 1 includes an A-type data processing system STD_(A). Generally speaking, such an A-type data processing system STD_(A) includes at least one processor A₁₀ enabling the execution of an implementation software A₁₁. The A-type data processing system STD_(A) can be a computer, a server or be part, for instance, of various machines, devices, fixed or mobile products, or vehicles in the general sense. The A-type data processing system STD_(A) is connected, using transfer means A₁₂, by a link A₂₀, to an A-type processing and memorizing unit UTM_(A).

For the sake of simplification in the rest of the description, the A-type data processing system STD_(A) shall be referred to as system STD_(A) and the A-type processing and memorizing unit UTM_(A) shall be referred to as unit UTM_(A).

The link A₂₀ between the system STD_(A) and the unit UTM_(A) can be realized in any possible way, such as for instance a serial link, a USB bus, a radio link, an optical link, a network link or a direct electric connection to a circuit of the system STD_(A), etc. It should be observed that the unit UTM_(A) can possibly be physically located inside the same integrated circuit as the processor of the system STD_(A). In this case, the unit UTM_(A) can be considered as a co-processor in relation to the processor of the system STD_(A) and the link A₂₀ is internal to the integrated circuit.

The unit UTM_(A) includes transfer means A₃₀ and processing and memorizing means A₃₁. It must be considered that the transfer means A₁₂ and A₃₀ are of software and/or hardware nature and are capable of providing and optimizing the data communication between the system STD_(A) and the unit UTM_(A). Said transfer means A₁₂, A₃₀ are adapted so that the implementation software A₁₁ can be, preferably, independent from the type of link A₂₀ used. Said transfer means A₁₂, A₃₀ are not part of the subject of the invention and are not described in more detail as they are well known to the person skilled in the art.

Said unit UTM_(A) is able to:

-   using the transfer means A₃₀:
    -   accept data provided by the system STD_(A),
    -   return data to the system STD_(A),
-   using the processing and memorizing means A₃₁:
    -   to store data possibly in secret and to retain at least a part of said data even if the unit UTM_(A) is switched off,
    -   and to carry out algorithmic processing on data, part or all of said processing being possibly secret.

As non-limiting example, said unit UTM_(A) can be constituted by a material key on the USB bus of the system STD_(A) or preferably by a chip card and its interface commonly called card reader linked up to the system STD_(A).

In the case where the unit UTM_(A) is constituted by a chip card and its interface, the transfer means A₃₀ are split into two parts, one being on the interface and the other one being on the chip card. In this embodiment, the absence of the chip card is considered as equivalent to the absence of the unit UTM_(A), inasmuch as the processing and memorizing means A₃₁ contained in the chip card are missing.

The system 1 also includes a B-type data processing system STD_(B). Generally speaking, such a B-type data processing system STD_(B) includes at least one processor B₁₀ enabling the execution of an implementation software B₁₁. The B-type data processing system STD_(B) can be a computer, a server or be part, for instance, of various machines, devices, fixed or mobile products, or vehicles in the general sense. The B-type data processing system STD_(B) is connected, using transfer means B₁₂, by a link B₂₀, to a B-type processing and memorizing unit UTM_(B).

For the sake of simplification in the rest of the description, the B-type data processing system STD_(B) shall be referred to as system STD_(B) and the B-type processing and memorizing unit UTM_(B) shall be referred to as unit UTM_(B).

The link B₂₀ between the system STD_(B) and the unit UTM_(B) can be realized in any possible way, such as for instance a serial link, a USB bus, a radio link, an optical link, a network link or a direct electric connection to a circuit of the system STD_(B), etc. It should be observed that the unit UTM_(B) can possibly be physically located inside the same integrated circuit as the processor of the system STD_(B). In this case, the unit UTM_(B) can be considered as a co-processor in relation to the processor of the system STD_(B) and the link B₂₀ is internal to the integrated circuit.

The unit UTM_(B) includes transfer means B₃₀ and processing and memorizing means B₃₁. It must be considered that the transfer means B₁₂ and B₃₀ are of software and/or hardware nature and are capable of providing and optimizing the data communication between the system STD_(B) and the unit UTM_(B). Said transfer means B₁₂, B₃₀ are adapted so that the implementation software B₁₁ can be, preferably, independent from the type of link B₂₀ used. Said transfer means B₁₂, B₃₀ are not part of the subject of the invention and are not described in more detail as they are well known to the person skilled in the art.

Said unit UTM_(B) is able to:

-   using the transfer means B₃₀:
    -   accept data provided by the system STD_(B),
    -   return data to the system STD_(B),
-   using the processing and memorizing means B₃₁:
    -   to store data possibly in secret and to retain at least a part of said data even if the unit UTM_(B) is switched off,
    -   and to carry out algorithmic processing on data, part or all of said processing being possibly secret.

As non-limiting example, said unit UTM_(B) can be constituted by a material key on the USB bus of the system STD_(B) or preferably by a chip card and its interface commonly called card reader linked up to the system STD_(B).

In the case where the unit UTM_(B) is constituted by a chip card and its interface, the transfer means B₃₀ are split into two parts, one being on the interface and the other one being on the chip card. In this embodiment, the absence of the chip card is considered as equivalent to the absence of the unit UTM_(B), inasmuch as the processing and memorizing means B₃₁ contained in the chip card are missing.

The system 1 according to the invention also includes at least once, at least one link L between the system STD_(A) and the system STD_(B). Said link L constitutes an information transfer channel and can be realized in all known ways. Said link L can be provided by a computer network and/or by a material transmission of information (personal delivery, postal delivery, etc.). Depending on the applications, the link L can transmit information from the system STD_(A) to the system STD_(B), from the system STD_(B) to the system STD_(A) or in both directions. As non-limiting example, the transfer by said link L between the system STD_(A) and the system STD_(B) can take the following heterogeneous channel: transmission of files from the system STD_(A), then printing on a physical support, then transfer of said physical support, then keyboarding data on a computer, then lastly transfer through a computer network to the system STD_(B).

FIG. 2 illustrates the data transformations carried out by the process according to the invention. Two data types are defined, namely the type T_(X) and the type T_(Y). Each of said types T_(X) and T_(Y) is a computer type of data, such as for instance, an 8-bit character, a 32-bit integer, a 64-bit integer, a 512-bit integer, a 64-bit float. In a preferred variant embodiment, the 64-bit integer type is used as data type T_(X), as well as data type T_(Y).

The invention uses an A-type transformation function F_(A) and a B-type transformation function F_(B). The A-type transformation function F_(A) is a bijection having as starting set the type T_(X) and as ending set the type T_(Y). The B-type transformation function F_(B) is a bijection having as starting set the type T_(Y) and as ending set the type T_(X). The A-type transformation function F_(A) and the B-type transformation function F_(B) are inverse of each other. For the sake of simplification in the rest of the description, the A-type transformation function F_(A) shall be referred to as function F_(A) and the B-type transformation function F_(B) shall be referred to as function F_(B).

Thus, the function F_(A) transforms a piece of T_(X)-type data D_(X) into a piece of T_(Y)-type data D_(Y), namely D_(Y)=F_(A) (D_(X)), while the function F_(B) transforms a piece of T_(Y)-type data D_(Y)′ into a piece of T_(X)-type data D_(X)′, namely D_(X)′=F_(B) (D_(Y)′).

Since the two functions F_(A) and F_(B) are inverse of each other:

-   by applying successively the two functions F_(A), then F_(B) to a piece of data D_(X), one finds again the piece of data D_(X), namely D_(X)=F_(B) (F_(A)(D_(X))),
-   by applying successively the two functions F_(B), then F_(A), to a piece of data D_(Y)′, one finds again the piece of data D_(Y)′, namely D_(Y)′=F_(A) (F_(B)(D_(Y)′)).

FIG. 3 illustrates the spot where the functions F_(A) and F_(B) are executed. So as to implement the invention, the functions F_(A) and F_(B) must remain confidential. To this end, the function F_(A) is carried out only inside the unit UTM_(A) and the function F_(B) is carried out only inside the unit UTM_(B) and, possibly, inside the unit UTM_(A). Thus, in the unit UTM_(A), a piece of T_(X)-type data D_(X) is transformed by the function F_(A) into a piece of T_(Y)-type data D_(Y) and, possibly, a piece of T_(Y)-type data D_(Y)′ is transformed by the function F_(B) into a piece of T_(X)-type data D_(X)′. Furthermore, in the unit UTM_(B), a piece of T_(Y)-type data D_(Y)′ is transformed by the function F_(B) into a piece of T_(X)-type data D_(X)′.

FIG. 4 makes explicit the three categories of persons or users C₁, C₂, C₃ discriminated between by the subject of the invention, depending on the possession or not of the units UTM_(A) and/or UTM_(B).

Each user of the first category C₁ is able to transform a piece of T_(X)-type data into a piece of T_(Y)-type data using the function F_(A) and, possibly to transform a piece of T_(Y)-type data into a piece of T_(X)-type data using the function F_(B). Each user of the first category C₁ can thus use a unit UTM_(A) and, possibly, a unit UTM_(B).

Each user of the second category C₂ is able to transform a piece of T_(Y)-type data into a piece of T_(X)-type data using the function F_(B). However, each user of the second category C₂ is not able to transform a piece of T_(X)-type data into a piece of T_(Y)-type data using the function F_(A). Each user of the second category C₂ can use a unit UTM_(B), but cannot use a unit UTM_(A).

Each user of the third category C₃ possesses neither a unit UTM_(A), nor a unit UTM_(B). No user of said third category C₃ is able to transform a piece of T_(X)-type data into a piece of T_(Y)-type data using the function F_(A), or to transform a piece of T_(Y)-type data into a piece of T_(X)-type data using the function F_(B).

Naturally, the functions F_(A) and F_(B) are interesting only if they are not trivial and are difficult to infer from the observation of data coming in and out of the units UTM_(A) and/or UTM_(B).

FIG. 5 illustrates a first variant embodiment of the functions F_(A) and F_(B) using the known technique of secret keys encryption. According to this variant, the function F_(A) is carried out in the form of a secret key encryption function CS using as secret key, a secret piece of information I_(CS).

The secret key encryption function CS is a standard encryption function such as for instance DES, inverse DES, triple DES, or IDEA. The secret piece of information I_(CS) is a key for the chosen encryption function. As such, the secret piece of information I_(CS) belongs to the type K_(CS), i.e. to the set of the keys for said function. For instance, said K_(CS)-type secret piece of information I_(CS) is a 56-bit integer when the chosen secret key encryption function CS is DES.

In other words, the transformation of a piece of T_(X)-type data D_(X) into a piece of T_(Y)-type data D_(Y) using the function F_(A) amounts to encrypt the piece of data D_(X) using the secret key encryption function CS, using as secret key, the K_(CS)-type secret piece of information I_(CS).

Similarly, the function F_(B), inverse of the function F_(A), is also carried out in the form of a secret key encryption function CSI, called inverse, using as secret key, a secret piece of information I_(CSI).

The secret key inverse encryption function CSI is a standard encryption function such as for instance DES, inverse DES, triple DES, or IDEA.

The secret piece of information I_(CSI) is a key for the chosen encryption function. As such, the secret piece of information I_(CSI) belongs to the type K_(CSI), i.e. to the set of the keys for said function.

In other words, the transformation of a piece of T_(Y)-type data D_(Y)′ into a piece of T_(X)-type data D_(X)′ using the function F_(B) amounts to encrypt the piece of data D_(Y)′ using the secret key inverse encryption function CSI, using as secret key, the K_(CSI)-type secret piece of information I_(CSI).

The secret key inverse encryption function CSI using the secret key I_(CSI), is the inverse of the secret key encryption function CS using the secret key I_(CS). For instance, in the case where the secret key encryption function CS is carried out by the function DES, the secret key inverse encryption function CSI must be carried out by the function inverse DES, while the K_(CS)-type secret piece of information I_(CS) and the K_(CSI)-type secret piece of information I_(CSI) must be identical.
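The FIG. 5 variant, as an added illustration that is not part of the patent: a toy 64-bit Feistel cipher stands in for DES as the function CS, its inverse (the same rounds with the subkeys in reverse order) is CSI, and I_(CSI) is the same 56-bit value as I_(CS), as the text requires. The key schedule and round function are constructed here for illustration and are not DES.

```python
import hashlib

MASK32 = (1 << 32) - 1
ROUNDS = 8  # toy round count; DES uses 16


def _round_keys(i_cs: int) -> list:
    """Toy key schedule: expand the 56-bit secret I_CS into one 32-bit subkey per round."""
    if not 0 <= i_cs < (1 << 56):
        raise ValueError("I_CS must be a 56-bit integer (type K_CS when CS is DES)")
    keys = []
    for r in range(ROUNDS):
        digest = hashlib.sha256(i_cs.to_bytes(7, "big") + bytes([r])).digest()
        keys.append(int.from_bytes(digest[:4], "big"))
    return keys


def _round_function(half: int, subkey: int) -> int:
    """Toy round function: keyed, non-linear mix of a 32-bit half (SHA-256 truncated)."""
    mixed = (half ^ subkey).to_bytes(4, "big")
    return int.from_bytes(hashlib.sha256(mixed).digest()[:4], "big")


def _feistel(block: int, subkeys) -> int:
    """Apply the Feistel rounds to a 64-bit block (types T_X and T_Y are 64-bit integers).
    The final swap of the halves makes the same routine its own inverse once the
    subkey order is reversed."""
    if not 0 <= block < (1 << 64):
        raise ValueError("data must be a 64-bit integer")
    left, right = block >> 32, block & MASK32
    for subkey in subkeys:
        left, right = right, left ^ _round_function(right, subkey)
    return (right << 32) | left


def cs(d_x: int, i_cs: int) -> int:
    """Secret key encryption function CS, i.e. F_A: D_Y = CS(D_X) under I_CS."""
    return _feistel(d_x, _round_keys(i_cs))


def csi(d_y: int, i_csi: int) -> int:
    """Secret key inverse encryption function CSI, i.e. F_B: D_X' = CSI(D_Y') under I_CSI.
    Same structure as CS with the subkeys applied in reverse order; I_CSI must equal I_CS."""
    return _feistel(d_y, list(reversed(_round_keys(i_csi))))


def round_trip_holds(d_x: int, i_cs: int) -> bool:
    """Check both FIG. 2 identities: D_X = F_B(F_A(D_X)) and D_Y' = F_A(F_B(D_Y'))."""
    i_csi = i_cs  # identical secrets, as required for the DES / inverse DES pair
    d_y = cs(d_x, i_cs)
    return csi(d_y, i_csi) == d_x and cs(csi(d_y, i_csi), i_cs) == d_y
```

Because I_(CSI) must be identical to I_(CS), a unit UTM_(B) in this variant holds every secret needed for F_(A) and lacks only the forward algorithm, so the separation between the categories rests on the customization apparatus withholding the algorithmic means for F_(A) and on the unit keeping I_(CSI) inside; in the FIG. 7 variant below, the public exponent held by UTM_(B) is not sufficient to compute F_(A) at all.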

FIGS. 6 and 7 illustrate a second variant embodiment of the functions F_(A) and F_(B), using the known technique of public key-private key encryption.

FIG. 6 illustrates a first embodiment in which the function F_(A) is carried out in the form of a public key encryption function CPU using as public key, a secret piece of information I_(CPU).

The public key encryption function CPU is a standard encryption function, for instance RSA. The secret piece of information I_(CPU) is a key for the chosen encryption function. As such, the secret piece of information I_(CPU) belongs to the type K_(CPU), i.e. to the set of the public keys for said function. For instance, said K_(CPU)-type secret piece of information I_(CPU) can be formed by a “modulus” and a “public exponent” when the chosen public key encryption function CPU is RSA.

In other words, the transformation of a piece of T_(X)-type data D_(X) into a piece of T_(Y)-type data D_(Y) using the function F_(A) amounts to encrypt the piece of data D_(X) using the public key encryption function CPU, using as public key, the K_(CPU)-type secret piece of information I_(CPU).

Similarly, the function F_(B), inverse of the function F_(A), is for its part carried out in the form of a private key decryption function CPUI, using as private key, a secret piece of information I_(CPUI).

The private key decryption function CPUI is a standard function, for instance RSA.

The secret piece of information I_(CPUI) is a key for the chosen decryption function. As such, the secret piece of information I_(CPUI) belongs to the type K_(CPUI), i.e. to the set of the private keys for said function.

In other words the transformation of a piece of T_(Y)-type data D_(Y)′ into a piece of T_(X)-type data D_(X)′ using the function F_(B) amounts to decrypt the piece of data D_(Y)′ using the private key decryption function CPUI, using as private key, the K_(CPUI)-type secret piece of information I_(CPUI).

The private key decryption function CPUI using the private key I_(CPUI), is the inverse of the public key encryption function CPU using the public key I_(CPU). For instance, in the case where the public key encryption function CPU is carried out by the RSA encryption function, the private key decryption function CPUI must be carried out by the RSA decryption function, while the K_(CPU)-type secret piece of information I_(CPU) and the K_(CPUI)-type secret piece of information I_(CPUI) must be respectively an RSA public key and its associated private key.

FIG. 7 illustrates a second embodiment in which the function F_(A) is carried out in the form of a private key encryption function CPR using as private key, a secret piece of information I_(CPR).

The private key encryption function CPR is a standard encryption function, for instance RSA. The secret piece of information I_(CPR) is a key for the chosen encryption function. As such, the secret piece of information I_(CPR) belongs to the type K_(CPR), i.e. to the set of the private keys for said function. For instance, said K_(CPR)-type secret piece of information I_(CPR) can be formed by a “modulus” and a “private exponent” when the chosen private key encryption function CPR is RSA.

In other words, the transformation of a piece of T_(X)-type data D_(X) into a piece of T_(Y)-type data D_(Y) using the function F_(A) amounts to encrypt the piece of data D_(X) using the private key encryption function CPR, using as private key, the K_(CPR)-type secret piece of information I_(CPR).

Similarly, the function F_(B), inverse of the function F_(A), is for its part carried out in the form of a public key decryption function CPRI, using as public key, a secret piece of information I_(CPRI).

The public key decryption function CPRI is a standard function, for instance RSA.

The secret piece of information I_(CPRI) is a key for the chosen decryption function. As such, the secret piece of information I_(CPRI) belongs to the type K_(CPRI), i.e. to the set of the public keys for said function.

In other words, the transformation of a piece of T_(Y)-type data D_(Y)′ into a piece of T_(X)-type data D_(X)′ using the function F_(B) amounts to decrypt the piece of data D_(Y)′ using the public key decryption function CPRI, using as public key, the K_(CPRI)-type secret piece of information I_(CPRI).

The public key decryption function CPRI using the public key I_(CPRI), is the inverse of the private key encryption function CPR using the private key I_(CPR). For instance, in the case where the private key encryption function CPR is carried out by the RSA encryption function, the public key decryption function CPRI must be carried out by the RSA decryption function, while the K_(CPR)-type secret piece of information I_(CPR) and the K_(CPRI)-type secret piece of information I_(CPRI) must be respectively an RSA private key and its associated public key.
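A toy model of the FIG. 7 variant together with the customization phase (FIG. 9), the three user categories (FIG. 4) and the pre-payment token application, as an added example that is not the patent's own code: F_(A) is RSA with the private exponent and lives only in UTM_(A), F_(B) is RSA with the public exponent and lives in UTM_(B). The two 32-bit primes are constructed so that the modulus fits the preferred 64-bit data type; they are far too small for real use. The class UnitUTM and the token functions are assumptions for the illustration.

```python
P = 4294967291  # 2**32 - 5, prime (constructed toy value, not a secure size)
Q = 4294967279  # 2**32 - 17, prime (constructed toy value, not a secure size)
E = 65537


def generate_pair(p: int = P, q: int = Q, e: int = E):
    """Information generation of FIG. 10 for the FIG. 7 variant:
    I_CPR = (modulus, private exponent), I_CPRI = (modulus, public exponent)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # private exponent, inverse of e modulo phi
    return (n, d), (n, e)


def cpr(d_x: int, i_cpr: tuple) -> int:
    """Private key encryption function CPR, i.e. F_A: D_Y = D_X^d mod n."""
    n, d = i_cpr
    if not 0 <= d_x < n:
        raise ValueError("D_X must be a residue modulo n")
    return pow(d_x, d, n)


def cpri(d_y: int, i_cpri: tuple) -> int:
    """Public key decryption function CPRI, i.e. F_B: D_X' = D_Y'^e mod n."""
    n, e = i_cpri
    if not 0 <= d_y < n:
        raise ValueError("D_Y' must be a residue modulo n")
    return pow(d_y, e, n)


class UnitUTM:
    """A processing and memorizing unit after customization: it retains its secret
    information and exposes only the transformation functions it was given."""

    def __init__(self, f_a=None, f_b=None):
        self._f_a = f_a   # (function, secret) or None: algorithmic means 110
        self._f_b = f_b   # (function, secret) or None: algorithmic means 120

    def transform_a(self, d_x: int) -> int:
        if self._f_a is None:
            raise PermissionError("this unit does not include F_A")
        func, secret = self._f_a
        return func(d_x, secret)

    def transform_b(self, d_y: int) -> int:
        if self._f_b is None:
            raise PermissionError("this unit does not include F_B")
        func, secret = self._f_b
        return func(d_y, secret)


def customize(p: int = P, q: int = Q, e: int = E):
    """A-type and B-type customization phases: UTM_A receives F_A (and here also F_B),
    UTM_B receives F_B only. I_CPR is never loaded into UTM_B."""
    i_cpr, i_cpri = generate_pair(p, q, e)
    utm_a = UnitUTM(f_a=(cpr, i_cpr), f_b=(cpri, i_cpri))
    utm_b = UnitUTM(f_b=(cpri, i_cpri))
    return utm_a, utm_b


def issue_token(utm_a: UnitUTM, client_id: int) -> int:
    """Category C1: turn a known initial identifier into a pre-payment token identifier."""
    return utm_a.transform_a(client_id)


def redeem_token(utm_b: UnitUTM, token_id: int) -> int:
    """Category C2: recover the client from a token identifier to charge the consumption."""
    return utm_b.transform_b(token_id)


def can_transform(unit, which: str, value: int) -> bool:
    """True if the holder of `unit` (None for category C3) can perform F_A ("A") or F_B ("B")."""
    if unit is None:
        return False
    try:
        (unit.transform_a if which == "A" else unit.transform_b)(value)
        return True
    except PermissionError:
        return False


def category_table(utm_a: UnitUTM, utm_b: UnitUTM, sample: int = 1234567890123) -> dict:
    """FIG. 4 as a table: (can apply F_A, can apply F_B) for C1, C2 and C3."""
    return {
        "C1": (can_transform(utm_a, "A", sample), can_transform(utm_a, "B", sample)),
        "C2": (can_transform(utm_b, "A", sample), can_transform(utm_b, "B", sample)),
        "C3": (can_transform(None, "A", sample), can_transform(None, "B", sample)),
    }
```

The FIG. 6 embodiment is the mirror image: exchange which exponent is loaded into which unit, so that UTM_(A) holds the public exponent and UTM_(B) the private one.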

In the two examples described in relation to FIGS. 6 and 7, the terms “encryption function” and “decryption function” are used to refer to two encryption operations inverse of each other. For the sake of clarity, the first function is called encryption function and the second function is called decryption function. That choice is arbitrary, so much so that the first function might as well be called decryption function and the second function might as well be called encryption function.

FIG. 8 is a diagram illustrating the implementation of an additional transformation function in addition to the known encryption functions, as illustrated in FIGS. 5 to 7. Indeed, an additional transformation function F_(ad) combined with the secret key encryption function CS, with the public key encryption function CPU or with the private key encryption function CPR can be used as function F_(A). Said additional transformation function F_(ad) can be combined in any way before and/or after the secret key encryption function CS, the public key encryption function CPU or the private key encryption function CPR. Naturally, said additional transformation function F_(ad) can also be formed by at least one encryption function.

Similarly, the function F_(B) can be formed by an additional transformation function, called inverse F_(adi), which is combined with the secret key inverse encryption function CSI or with the private key decryption function CPUI or with the public key decryption function CPRI.

Whichever embodiment of the transformation functions illustrated in FIGS. 5 to 8 is used, it must be considered that the subject of the invention also includes a customization phase of the processing and memorizing units, during which the transformation functions are implanted in the processing and memorizing units.

FIG. 9 illustrates an implementation example of customization apparatuses 100 _(A) and 100 _(B) for processing and memorizing units UTM, with the intention of obtaining respectively, units UTM_(A) and units UTM_(B).

In a preferred embodiment, it must be considered that each processing and memorizing unit UTM includes algorithmic means 110 necessary to carry out the function F_(A) and algorithmic means 120 necessary to carry out the function F_(B). In the case where a secret key encryption function CS is used, the algorithmic means 110 correspond to means enabling, for instance, the carrying out of the DES function. In this case, the algorithmic means 120 correspond to means enabling the carrying out of the inverse DES function.

During a B-type customization phase, the customization apparatus 100_(B), carried out through a data processing system of any type, includes means to customize at least one processing and memorizing unit UTM, with the intention of obtaining a unit UTM_(B). To that end, the algorithmic means 120 are used so as to obtain a unit UTM_(B) which is able to carry out the function F_(B). However, the customization apparatus 100_(B) must also:

-   either inhibit the algorithmic means 110 necessary to carry out the function F_(A),
-   or not load to the processing and memorizing unit UTM the customization information enabling the carrying out of the function F_(A), and possibly prevent its later loading.

Thus, a unit UTM_(B) is obtained including the function F_(B) and not including the function F_(A).

Similarly, the customization apparatus 100_(A), carried out through a data processing system of any type, is used during an A-type customization phase to customize at least one processing and memorizing unit UTM, with the intention of obtaining a unit UTM_(A) including the function F_(A) and, possibly, the function F_(B). In the case where the unit UTM_(A) does not include the function F_(B), the algorithmic means 120 are inhibited or the customization information is not loaded, as explained above.

Naturally, the customization apparatuses 100_(A) and 100_(B) can be carried out through the same data processing system. Moreover, processing and memorizing units UTM including only the algorithmic means necessary to carry out one of the two transformation functions can be used. In that case, it is obviously not necessary to inhibit the inverse function.

The customization apparatuses 100_(A) and 100_(B) are also used to provide the generation of the secret information used by the functions F_(A) and F_(B) and, possibly, to provide the generation of additional parameters for the additional functions F_(ad), F_(adi) described in the examples illustrated in FIGS. 5 to 8.

FIG. 10 makes explicit the general principle of information generation. According to said figure, a principal secret SP is used by an algorithm D_(p) enabling the determination of one of the pairs of secret pieces of information K_(CS)-type I_(CS) and K_(CSI)-type I_(CSI), or K_(CPU)-type I_(CPU) and K_(CPUI)-type I_(CPUI), or K_(CPR)-type I_(CPR) and K_(CPRI)-type I_(CPRI) and, possibly, parameters P_(ad) for the additional transformation function F_(ad) and parameters P_(adi) for the additional inverse transformation function F_(adi).

To increase security, it can be advantageous for the principal secret SP to be determined from shared secrets S₁, S₂, . . . , S_(n), using a secret reconstruction algorithm D_(ps).

After the generation of that information, the customization of the units UTM_(A) and UTM_(B) can proceed. Thus, as it emerges more precisely from FIG. 11, during the A-type customization phase, the customization apparatus 100_(A) is used to transfer to a processing and memorizing unit UTM, with the intention of obtaining a unit UTM_(A):

-   the K_(CS)-type secret piece of information I_(CS) or the K_(CPU)-type secret piece of information I_(CPU) or the K_(CPR)-type secret piece of information I_(CPR) and, possibly, the parameters P_(ad) for the additional transformation function F_(ad), to enable the unit UTM_(A) to carry out the function F_(A),
-   and possibly, the K_(CSI)-type secret piece of information I_(CSI) or the K_(CPUI)-type secret piece of information I_(CPUI) or the K_(CPRI)-type secret piece of information I_(CPRI) and, possibly, the parameters P_(adi) for the additional inverse transformation function F_(adi), to enable the unit UTM_(A) to carry out the function F_(B).

Similarly, the customization apparatus 100_(B) is used during the B-type customization phase to transfer to a processing and memorizing unit UTM, with the intention of obtaining a unit UTM_(B), the K_(CSI)-type secret piece of information I_(CSI) or the K_(CPUI)-type secret piece of information I_(CPUI) or the K_(CPRI)-type secret piece of information I_(CPRI) and, possibly, the parameters P_(adi) for the additional inverse transformation function F_(adi), to enable the unit UTM_(B) to carry out the function F_(B).

The subject of the invention aims at limiting the possibility to transform T_(X)-type data into T_(Y)-type data and the possibility to transform T_(Y)-type data into T_(X)-type data. To that end, the subject of the invention aims at putting at the first user category C₁'s disposal at least one unit UTM_(A), to enable the transformation of a piece of T_(X)-type data into a piece of T_(Y)-type data using a function F_(A). Optionally, said unit UTM_(A) includes the possibility to transform a piece of T_(Y)-type data into a piece of T_(X)-type data using the function F_(B).

The second user category C₂ has at least one unit UTM_(B) able to provide the transformation of T_(Y)-type data into T_(X)-type data using the function F_(B). However, no user of said second category C₂ is able to carry out the transformation of T_(X)-type data into T_(Y)-type data using the function F_(A). It thus appears possible to limit the possibility to transform data between the users of different categories.

The subject of the invention is particularly useful in the case where the two user categories C₁ and C₂ able to transform data do not have access to the secret information characterizing those transformations. Such a goal is reached by using processing and memorizing units such as hardware keys on the USB bus or chip cards. The only possibility for a user of one category to carry out a transformation attributed to a user of the other category is to obtain the unit belonging to the latter.

FIGS. 12 and 13 are respectively principle and application diagrams, illustrating an application example of the subject of the invention enabling the generation and use of data designed to constitute pre-payment tokens.

As it appears more precisely in FIG. 12, a starting set E_(D) is defined, whose elements are pieces of T_(X)-type data. The starting set E_(D) includes, in the illustrated example, five elements, namely: 3, 4, 5, 6, 7. Each element of the starting set E_(D) corresponds to an identifier of a client possessing a resource consumption credit, such as for instance a WEB pages viewing credit. During an A-type transformation phase, all the elements of the starting set E_(D) are transformed using the function F_(A) contained in the unit UTM_(A), so as to obtain an ending set E_(A) whose elements are pieces of T_(Y)-type data. In the illustrated example, the elements 3, 4, 5, 6, 7 are transformed respectively into 12850, 85503, 23072, 70331, 45082. The data thus obtained by the transformation carried out in the unit UTM_(A) gives no indication on the elements of the starting set E_(D).

As it appears more precisely in FIG. 13, each user belonging to the first category C₁, has a unit UTM_(A) and can thus, from known initial identifiers, namely: 3, 4, 5, 6, 7 in the illustrated example, obtain pre-payment token identifiers, respectively 12580, 85503, 23072, 70331, 45082. Such prepayment token identifiers can, for instance, be printed on tokens j which can be constituted by any appropriate support, such as plastic cards or coupons. Said pre-payment token identifiers are, preferably, masked to attest to the non-use of the resource corresponding to said tokens.

Moreover, information I enabling to characterize the starting set E_(D) is transmitted through a link L₁ to at least one system STD_(B) belonging to a user of the second category C₂. In the present case, where the starting set E_(D) is composed of successive integers, the information I enabling to characterize the starting set E_(D) can, for instance, be the value of the smallest element and the number of elements of the set, namely the pair (3, 5).

In the illustrated example, one of the tokens j is transmitted to a user of the third category C₃, who thus becomes a client possessing a resource consumption credit. That transmission is carried out by any appropriate means, such as postal delivery or personal delivery (part of a link L₂). Remember that each user of said third category C₃ has neither a unit UTM_(A) nor a unit UTM_(B).

After having uncovered the identifier of his pre-payment token, namely 85503 in the illustrated example, the user of the third category C₃ transmits through another part of the link L₂ to a user of the second category C₂, the uncovered identifier, as well as a request R_(q) for a resource R_(es) to consume. Remember that each user of the second category C₂ has a unit UTM_(B) linked up to a system STD_(B). The identifier transmitted by the user of the third category C₃ to the system STD_(B) is transferred to the unit UTM_(B), so as to provide its transformation, using the function F_(B) contained in the unit UTM_(B), with the intention of restoring the initial identifier. In the illustrated example, the unit UTM_(B) thus transfers to the system STD_(B) the known initial identifier, namely 4, corresponding to the prepayment token 85503.

The system STD_(B) uses the information I to verify that the transformed element, namely 4 in the illustrated example, belongs to the starting set E_(D). That verification makes sure that the pre-payment token has not been tampered with or invented. Thus, if the identifier is not recognized (N), the request R_(q) is refused, so that a negative reply R_(p) is sent to the user of the third category C₃. If the request is accepted (O), the identifier is used as an index in an array T of resources. Said array T indicates the quantity of remaining credits (96 in the illustrated example) for the client possessing the pre-payment token corresponding to the identifier 4. It is then verified that the remaining credits are sufficient for the request made. In the negative case (N), a negative reply R_(p) is sent to the user of the third category C₃. In the case where the credits are sufficient (O), the array is updated by subtracting the cost of the requested resource, and a positive reply R_(p) containing the requested resource R_(es) is prepared and then delivered to the user of the third category C₃.

In the previous example, note that:

-   there are several links between the systems STD_(A) and STD_(B), called L₁, L₂,
-   the users of the first category C₁ correspond to persons able to issue pre-payment tokens,
-   the users of the second category C₂ correspond to a provider of services wishing to charge the access to resources R_(es),
-   the users of the third category C₃ possessing at least one pre-payment token correspond to clients possibly accessing charged-for resources,
-   the users of the third category C₃ not possessing pre-payment tokens cannot be clients and therefore cannot access charged-for resources.
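The customization phase of FIGS. 9 to 11 and the token issuance and verification flow of FIGS. 12 and 13, as an added worked model that is not part of the patent and does not describe any product. Everything concrete in it is an assumption: D_(ps) is taken as an n-of-n XOR reconstruction of SP from the shares, D_(p) as an HMAC-SHA256 derivation of the round keys forming I_(CS), and CS/CSI as a four-round keyed Feistel permutation of 32-bit identifiers standing in for the DES-style function the description mentions (it is not DES). The class and function names (UTM, customize_a, customize_b, ServiceProvider, handle_request) are likewise invented for the example. Since I_(CSI) equals I_(CS) for such a symmetric function, the point enforced by the apparatus 100_(B) is that the algorithmic means 110 (F_(A)) are never made available in a unit UTM_(B), which the model represents by not loading the secret under the F_(A) path at all.

```python
"""Toy model of FIGS. 9 to 13: SP from shares, customization of UTM_A / UTM_B,
token issuance on the A side and verification on the B side (all assumed)."""
import hashlib
import hmac
from functools import reduce

def reconstruct_principal_secret(shares):
    """D_ps, assumed here as n-of-n XOR reconstruction of SP from S_1..S_n."""
    return reduce(lambda a, b: bytes(x ^ y for x, y in zip(a, b)), shares)

def derive_round_keys(sp, rounds=4):
    """D_p, assumed here as HMAC-SHA256: derives the K_CS-type secret I_CS from SP."""
    return [hmac.new(sp, b"CS-round-%d" % i, hashlib.sha256).digest() for i in range(rounds)]

def _round(key, half):
    """Feistel round function on a 16-bit half (keyed HMAC, truncated to 16 bits)."""
    return int.from_bytes(hmac.new(key, half.to_bytes(2, "big"), hashlib.sha256).digest()[:2], "big")

def cs_encrypt(keys, x):
    """CS stand-in (not DES): 4-round Feistel permutation of a 32-bit identifier."""
    left, right = x >> 16, x & 0xFFFF
    for k in keys:
        left, right = right, left ^ _round(k, right)
    return (left << 16) | right

def csi_decrypt(keys, y):
    """CSI: exact inverse of cs_encrypt under the same round keys (I_CSI = I_CS here)."""
    left, right = y >> 16, y & 0xFFFF
    for k in reversed(keys):
        left, right = right ^ _round(k, left), left
    return (left << 16) | right

class UTM:
    """Processing and memorizing unit; a function whose secret was not loaded is inhibited."""

    def __init__(self, i_cs=None, i_csi=None):
        self._i_cs = i_cs      # None: algorithmic means 110 (F_A) inhibited
        self._i_csi = i_csi    # None: algorithmic means 120 (F_B) inhibited

    def f_a(self, x):
        if self._i_cs is None:
            raise PermissionError("F_A is not available in this unit")
        return cs_encrypt(self._i_cs, x)

    def f_b(self, y):
        if self._i_csi is None:
            raise PermissionError("F_B is not available in this unit")
        return csi_decrypt(self._i_csi, y)

def customize_a(sp, with_f_b=False):
    """Apparatus 100_A: loads I_CS and, optionally, I_CSI into a unit."""
    keys = derive_round_keys(sp)
    return UTM(i_cs=keys, i_csi=keys if with_f_b else None)

def customize_b(sp):
    """Apparatus 100_B: loads I_CSI only; F_A is never made available."""
    return UTM(i_cs=None, i_csi=derive_round_keys(sp))

class ServiceProvider:
    """STD_B: holds UTM_B, the information I = (smallest element, count) and the array T."""

    def __init__(self, utm_b, info_i, credits):
        self.utm_b = utm_b
        self.first, self.count = info_i
        self.table = dict(credits)  # remaining credits per client identifier

    def handle_request(self, token_id, cost):
        """Returns (accepted, reason); T is updated only for an accepted request."""
        x = self.utm_b.f_b(token_id)
        if not self.first <= x < self.first + self.count:
            return False, "identifier not in starting set E_D"
        if self.table.get(x, 0) < cost:
            return False, "insufficient credits"
        self.table[x] -= cost
        return True, "resource delivered"

def demo():
    """Issues tokens for E_D = {3..7} with UTM_A and builds the STD_B that redeems them."""
    shares = [hashlib.sha256(b"S_%d" % i).digest() for i in (1, 2, 3)]  # constructed S_1..S_3
    sp = reconstruct_principal_secret(shares)
    utm_a, utm_b = customize_a(sp), customize_b(sp)
    starting_set = list(range(3, 8))                  # E_D
    tokens = {x: utm_a.f_a(x) for x in starting_set}  # E_A, printed on the tokens j
    std_b = ServiceProvider(utm_b, (3, 5), {x: 96 for x in starting_set})  # I sent over L_1
    return std_b, tokens, utm_a

if __name__ == "__main__":
    std_b, tokens, _ = demo()
    print(tokens, std_b.handle_request(tokens[4], 1), std_b.table[4])
```

Running the module prints the five token identifiers, the accepted reply for the token of client 4 at cost 1, and the updated credit 95. Two properties carry the security argument of the description: calling `f_a` on the unit produced by `customize_b` raises, so a holder of UTM_B cannot mint tokens, and a token identifier whose inverse does not fall in the interval described by I = (3, 5) is refused before the credit array is consulted.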

In the preferred example described, the invention aims at limiting the possibility to transform data designed to constitute pre-payment tokens. Naturally, the subject of the invention can be implemented to limit the possibility to transform data of a different kind, such as for instance electronic mail messages, internet pages, etc.

The invention is not limited to the examples described and represented, as various modifications can be brought to it within its framework. 

1. Process to limit, through at least one processing and memorizing unit, the possibility to transform T_(X)-type data into T_(Y)-type data and the possibility to transform T_(Y)-type data into T_(X)-type data, the transformation of the T_(X)-type data into T_(Y)-type data being carried out using an A-type transformation function (F_(A)), while the transformation of the T_(Y)-type data into T_(X)-type data is carried out using a B-type transformation function (F_(B)), inverse of the A-type transformation function (F_(A)), the data being in particular designed to constitute for instance, pre-payment tokens, and being implemented on at least one data processing system, said process comprising: using an A-type data processing system (STD_(A)) and a B-type data processing system (STD_(B)), setting up at least once, at least one link (L) between the A-type data processing system (STD_(A)) and the B-type data processing system (STD_(B)), so as to provide the transfer of at least T_(Y)-type data from the A-type data processing system (STD_(A)) to the B-type data processing system (STD_(B)) and/or to provide the transfer of at least T_(X)-type data from the B-type data processing system (STD_(B)) to the A-type data processing system (STD_(A)), during an A-type customization phase, creating at least one A-type processing and memorizing unit (UTM_(A)) including at least the A-type transformation function (F_(A)), during an A-type transformation phase: for a user possessing at least one A-type processing and memorizing unit (UTM_(A)), enabling: to transfer at least one piece of T_(X)-type data from the A-type data processing system (STD_(A)) to the A-type processing and memorizing unit (UTM_(A)), to transform in the A-type processing and memorizing unit (UTM_(A)), each piece of T_(X)-type data into a piece of T_(Y)-type data, using the A-type transformation function (F_(A)), to transfer each piece of T_(Y)-type data from the A-type processing and memorizing unit (UTM_(A)) to the A-type data processing system (STD_(A)), for a user not possessing any A-type processing and memorizing unit (UTM_(A)), not being able to transform a piece of T_(X)-type data into a piece of T_(Y)-type data, using the A-type transformation function (F_(A)), during a B-type customization phase, creating at least one B-type processing and memorizing unit (UTM_(B)) including the B-type transformation function (F_(B)) and not including the A-type transformation function (F_(A)), and during a B-type transformation phase: for a user possessing a B-type processing and memorizing unit (UTM_(B)), and not possessing an A-type processing and memorizing unit (UTM_(A)), enabling: to transfer at least one piece of T_(Y)-type data from the B-type data processing system (STD_(B)), to the B-type processing and memorizing unit (UTM_(B)), to transform in the B-type processing and memorizing unit (UTM_(B)), each piece of T_(Y)-type data into a piece of T_(X)-type data, using the B-type transformation function (F_(B)), to transfer each piece of T_(X)-type data from the B-type processing and memorizing unit (UTM_(B)) to the B-type data processing system (STD_(B)), not being able to transform a piece of T_(X)-type data into a piece of T_(Y)-type data using the A-type transformation function (F_(A)).
 2. Process according to claim 1, comprising, during the A-type customization phase, creating an A-type processing and memorizing unit (UTM_(A)) also including the B-type transformation function (F_(B)) inverse of the A-type transformation function (F_(A)).
 3. Process according to claim 1 or 2, comprising: using in the A-type processing and memorizing unit (UTM_(A)) as A-type transformation function (F_(A)), a secret key encryption function (CS), as well as a K_(CS)-type secret piece of information (I_(CS)) used as secret key for said function, and using in the B-type processing and memorizing (UTM_(B)) and possibly in the A-type processing and memorizing unit (UTM_(A)), as B-type transformation function (F_(B)): a secret key inverse encryption function (CSI), inverse of the secret key encryption function (CS), and a K_(CSI)-type secret piece of information (I_(CSI)) used as secret key for the secret key inverse encryption function (CSI).
4. Process according to claim 1 or 2, comprising: using in the A-type processing and memorizing unit (UTM_(A)), as A-type transformation function (F_(A)), a public key encryption function (CPU), as well as a K_(CPU)-type secret piece of information (I_(CPU)) used as public key for said function, and using in the B-type processing and memorizing unit (UTM_(B)) and possibly in the A-type processing and memorizing unit (UTM_(A)), as B-type transformation function (F_(B)): a private key decryption function (CPUI), inverse of the public key encryption function (CPU), and a K_(CPUI)-type secret piece of information (I_(CPUI)) used as private key for the private key decryption function (CPUI).
 5. Process according to claim 1 or 2, comprising: using in the A-type processing and memorizing unit (UTM_(A)), as A-type transformation function (F_(A)), a private key encryption function (CPR), as well as a K_(CPR)-type secret piece of information (I_(CPR)) used as private key for said function, and using in the B-type processing and memorizing (UTM_(B)) and possibly in the A-type processing and memorizing unit (UTM_(A)), as B-type transformation function (F_(B)): a public key decryption function (CPRI), inverse of the private key encryption function (CPR), and a K_(CPRI)-type secret piece of information (I_(CPRI)) used as public key for the public key decryption function (CPRI).
 6. Process according to claim 3, 4 or 5, comprising: using as A-type transformation function (F_(A)), an additional transformation function (F_(ad)) combined with the secret key encryption function (CS), with the public key encryption function (CPU), or with the private key encryption function (CPR), and using as B-type transformation function (F_(B)), an additional inverse transformation function (F_(adi)) combined with the secret key inverse encryption function (CSI), with the private key decryption function (CPUI), or with the public key decryption function (CPRI).
7. Process according to one of the claims 1 to 5, comprising: using as A-type processing and memorizing units (UTM_(A)) and/or B-type processing and memorizing units (UTM_(B)), processing and memorizing units (UTM) each including the algorithmic means (110, 120) necessary to carry out the A-type transformation function (F_(A)) and the B-type transformation function (F_(B)), and inhibiting: during the B-type customization phase, in each B-type processing and memorizing unit (UTM_(B)), the possibility to carry out the A-type transformation function (F_(A)), and possibly, during the A-type customization phase, in each A-type processing and memorizing unit (UTM_(A)), the possibility to carry out the B-type transformation function (F_(B)).
 8. Process according to one of the claims 3, 4, 5 or 6, comprising generating a principal secret (SP) from which is determined a pair of secret pieces of information K_(CS)-type (I_(CS)) and K_(CSI)-type (I_(CSI)), or K_(CPU)-type (I_(CPU)) and K_(CPUI)-type (I_(CPUI)), or K_(CPR)-type (I_(CPR)) and K_(CPRI)-type (I_(CPRI)) and possibly parameters (P_(ad)) for the additional transformation function (F_(ad)) and parameters (P_(adi)) for the additional inverse transformation function (F_(adi)).
 9. Process according to claim 8, comprising using a method of shared secrets (S₁, S₂, . . . , S_(n)) to generate the principal secret (SP).
 10. Process according to claim 8 or 9, comprising: using the principal secret (SP) to generate at least one of the elements of the pairs of secret pieces of information K_(CS)-type (I_(CS)) and K_(CSI)-type (I_(CSI)), or K_(CPU)-type (I_(CPU)) and K_(CPUI)-type (I_(CPUI)), or K_(CPR)-type (I_(CPR)) and K_(CPRI)-type (I_(CPRI)), and possibly parameters (P_(ad)) for the additional transformation function (F_(ad)) and parameters (P_(adi)) for the additional inverse transformation function (F_(adi)), customizing during the A-type customization phase, each processing and memorizing unit (UTM_(A)) by transferring to it: the K_(CS)-type secret piece of information (I_(CS)) or the K_(CPU)-type secret piece of information (I_(CPU)) or the K_(CPR)-type secret piece of information (I_(CPR)) and possibly the parameters (P_(ad)) for the additional transformation function (F_(ad)) to enable it to carry out the A-type transformation function (F_(A)), and possibly, the K_(CSI)-type secret piece of information (I_(CSI)) or the K_(CPUI)-type secret piece of information (I_(CPUI)) or the K_(CPRI)-type secret piece of information (I_(CPRI)) and, possibly the parameters (P_(adi)) for the additional inverse transformation function (F_(adi)) to enable it to carry out the B-type transformation function (F_(B)), customizing during the B-type customization phase, each B-type processing and memorizing unit (UTM_(B)) by transferring to it the K_(CSI)-type secret piece of information (I_(CSI)) or the K_(CPUI)-type secret piece of information (I_(CPUI)) or the K_(CPRI)-type secret piece of information (I_(CPRI)) and, possibly the parameters (P_(adi)) for the additional inverse transformation function (F_(adi)) to enable it to carry out the B-type transformation function (F_(B)).
 11. Process according to claim 1, comprising: during the A-type transformation phase: defining a starting set (E_(D)) whose elements are pieces of T_(X)-type data, transforming all the elements of the starting set (E_(D)) using the A-type transformation function (F_(A)) contained in the A-type processing and memorizing unit (UTM_(A)), so as to obtain an ending set (E_(A)) whose elements are pieces of T_(Y)-type data, transferring from the A-type data processing system (STD_(A)) to the B-type data processing system (STD_(B)) through the link(s) (L): information (I) enabling to characterize the starting set (E_(D)), and at least one element of the ending set (E_(A)), and during the B-type transformation phase, for at least one element of the ending set (E_(A)) transferred from the A-type data processing system (STD_(A)) to the B-type data processing system (STD_(B)): transforming it using the B-type transformation function (F_(B)) contained in the B-type processing and memorizing unit (UTM_(B)), and verifying, using the information (I) enabling to characterize the starting set (E_(D)), that that transformed element corresponds to an element of the starting set (E_(D)).
 12. Process according to claim 11, comprising using each element of the ending set (E_(A)) to constitute a prepayment token (j).
13. System to limit the possibility to transform T_(X)-type data into T_(Y)-type data and the possibility to transform T_(Y)-type data into T_(X)-type data, the transformation of the T_(X)-type data into T_(Y)-type data being carried out using an A-type transformation function (F_(A)), while the transformation of the T_(Y)-type data into T_(X)-type data is carried out using a B-type transformation function (F_(B)), inverse of the A-type transformation function (F_(A)), the data being in particular designed to constitute for instance pre-payment tokens, said system being characterized in that it includes: at least one A-type data processing system (STD_(A)), at least one B-type data processing system (STD_(B)), at least one link (L), at least once, between the A-type data processing system (STD_(A)) and the B-type data processing system (STD_(B)), so as to provide the transfer of at least T_(Y)-type data from the A-type data processing system (STD_(A)) to the B-type data processing system (STD_(B)) and/or to provide the transfer of at least T_(X)-type data from the B-type data processing system (STD_(B)) to the A-type data processing system (STD_(A)), at least one A-type processing and memorizing unit (UTM_(A)) including at least the A-type transformation function (F_(A)), means to define at least one piece of T_(X)-type data designed to be transformed into a piece of T_(Y)-type data, means to transfer at least one piece of T_(X)-type data from the A-type data processing system (STD_(A)) to the A-type processing and memorizing unit (UTM_(A)), means to transform in the A-type processing and memorizing unit (UTM_(A)), each piece of T_(X)-type data into a piece of T_(Y)-type data, using the A-type transformation function (F_(A)), means to transfer each piece of T_(Y)-type data from the A-type processing and memorizing unit (UTM_(A)) to the A-type data processing system (STD_(A)), at least one B-type processing and memorizing unit (UTM_(B)) including the B-type transformation function (F_(B)) and not including the A-type transformation function (F_(A)), with the intention of not being able to transform a piece of T_(X)-type data into a piece of T_(Y)-type data using the A-type transformation function (F_(A)), means to define at least one piece of T_(Y)-type data designed to be transformed into a piece of T_(X)-type data, means to transfer at least one piece of T_(Y)-type data from the B-type data processing system (STD_(B)) to the B-type processing and memorizing unit (UTM_(B)), means to transform in the B-type processing and memorizing unit (UTM_(B)), each piece of T_(Y)-type data into a piece of T_(X)-type data, using the B-type transformation function (F_(B)), and means to transfer each piece of T_(X)-type data from the B-type processing and memorizing unit (UTM_(B)) to the B-type data processing system (STD_(B)).
 14. System according to claim 13, characterized in that the A-type processing and memorizing unit (UTM_(A)) also includes the B-type transformation function (F_(B)) inverse of the A-type transformation function (F_(A)).
15. System according to claim 13 or 14, characterized in that: the A-type processing and memorizing unit (UTM_(A)) includes as A-type transformation function (F_(A)), a secret key encryption function (CS), as well as a K_(CS)-type secret piece of information (I_(CS)) used as secret key for said function, and the B-type processing and memorizing unit (UTM_(B)) and possibly the A-type processing and memorizing unit (UTM_(A)), include(s) as B-type transformation function (F_(B)): a secret key inverse encryption function (CSI), inverse of the secret key encryption function (CS), and a K_(CSI)-type secret piece of information (I_(CSI)) used as secret key for the secret key inverse encryption function (CSI).
 16. Apparatus to customize processing and memorizing units (UTM) used in a system in accordance with one of the claims 13 to 15, characterized in that it includes means to customize: at least one A-type processing and memorizing unit (UTM_(A)) including the A-type transformation function (F_(A)) and possibly the B-type transformation function (F_(B)), and/or at least one B-type processing and memorizing unit (UTM_(B)) including the B-type transformation function (F_(B)) and not including the A-type transformation function (F_(A)).
 17. Apparatus according to claim 16, characterized in that it includes, for processing and memorizing units (UTM) including each the possibility to carry out the A-type transformation function (F_(A)) and the B-type transformation function (F_(B)), inhibition means adapted to inhibit: in each B-type processing and memorizing unit (UTM_(B)) the use of the A-type transformation function (F_(A)), and possibly in each A-type processing and memorizing unit (UTM_(A)), the use of the B-type transformation function (F_(B)). 